

@sodre sodre commented Mar 30, 2021

The goal of this PR is to help with the long-standing issue wbond/asn1crypto#6 where we want to use the existing work in csrbuilder to create a CertificationRequestInfo but let the actual signing be done separately.

We do it by pulling up all methods from CSRBuilder into the base class CRIBuilder, and refactoring the build methods of each class. This has the advantage of not breaking any of the existing APIs.

@wbond, if you're okay with this concept I would like to do a similar split for certbuilder.

sodre added 3 commits March 30, 2021 13:25
  - Refactor the CSRBuilder so it only does the signing part leaving
    all common code for building a Certificate Signing Request
wbond (Owner) commented Mar 30, 2021

Conceptually the biggest issue is figuring out how to make oscrypto a default, but optional dependency in setup.py.

wbond (Owner) commented Mar 30, 2021

Perhaps there end up being two packages? One that is the abstract code using asn1crypto and another that uses it and signs it with oscrypto?

sodre (Author) commented Mar 30, 2021

@wbond, thanks for responding quickly!

I was not trying to completely solve the original issue of supporting a third-party crypto library in this PR. Instead, I wanted the user to get all the way to a "ToBeSigned" CertificateRequest in proper ASN.1 format and then let them sign and attach the signature according to their needs.

In my case I am using boto3 AWS KMS, but you could include any other crypto library at this point.

Another option is to check if the private_key has a SignerTrait. At that point we can just invoke private_key.sign(content, hash). Would you prefer a solution along that path?
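The two-step flow discussed in this thread (build the unsigned CertificationRequestInfo, hand its DER to whatever signs it, then attach the signature), shown as an added example that is not csrbuilder's code or part of this PR. It assumes asn1crypto is installed; the function and class names (`build_cri`, `attach_signature`, `ToyRsaSigner`, `KmsSigner`, `verify_toy_csr`) are this example's own, the RSA key is a constructed toy built from public Mersenne primes so the whole thing runs offline, and `KmsSigner` assumes a boto3 KMS client and is not exercised here. The signer interface mirrors the `private_key.sign(content, hash)` shape mentioned in the last comment, so the same `attach_signature` works for a KMS-backed, HSM-backed or oscrypto-backed signer.

```python
# Added example (not csrbuilder's own code): build the CertificationRequestInfo
# with asn1crypto, sign its DER through a pluggable signer, attach the signature,
# and re-parse to confirm the signature covers exactly the CRI bytes.
# Assumes asn1crypto is installed and Python >= 3.8 (for pow(e, -1, m)).
import hashlib

from asn1crypto import csr, keys, x509

# PKCS#1 v1.5 DigestInfo prefix for SHA-256 (RFC 8017, section 9.2 note 1).
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

# Constructed toy key: p and q are well-known Mersenne primes, so this key only
# serves to exercise the interface, never to sign a real request.
TOY_P = (1 << 521) - 1
TOY_Q = (1 << 607) - 1
TOY_N = TOY_P * TOY_Q
TOY_E = 65537
TOY_D = pow(TOY_E, -1, (TOY_P - 1) * (TOY_Q - 1))


def build_cri(subject_fields, public_key_info):
    """Step 1 (the CRIBuilder half): the unsigned CertificationRequestInfo."""
    return csr.CertificationRequestInfo({
        'version': 'v1',
        'subject': x509.Name.build(subject_fields),
        'subject_pk_info': public_key_info,
        'attributes': [],  # no extensionRequest attribute in this example
    })


def pkcs1_v15_encode(message, key_len):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message) into key_len bytes."""
    digest_info = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(message).digest()
    padding = b'\xff' * (key_len - len(digest_info) - 3)
    return b'\x00\x01' + padding + b'\x00' + digest_info


class ToyRsaSigner:
    """Stand-in signer with the sign(content, hash_algo) -> bytes shape."""

    def __init__(self, n, d):
        self._n, self._d = n, d
        self._k = (n.bit_length() + 7) // 8

    def sign(self, content, hash_algo='sha256'):
        if hash_algo != 'sha256':
            raise ValueError('toy signer only supports sha256')
        em = int.from_bytes(pkcs1_v15_encode(content, self._k), 'big')
        return pow(em, self._d, self._n).to_bytes(self._k, 'big')


class KmsSigner:
    """Same interface backed by AWS KMS (assumes a boto3 'kms' client; not run here)."""

    def __init__(self, client, key_id):
        self._client, self._key_id = client, key_id

    def sign(self, content, hash_algo='sha256'):
        resp = self._client.sign(KeyId=self._key_id, Message=content, MessageType='RAW',
                                 SigningAlgorithm='RSASSA_PKCS1_V1_5_SHA_256')
        return resp['Signature']


def attach_signature(cri, signer, hash_algo='sha256'):
    """Step 2: sign the DER of the CRI and wrap it in a CertificationRequest."""
    tbs = cri.dump()  # exactly these bytes are what the signature must cover
    return csr.CertificationRequest({
        'certification_request_info': cri,
        'signature_algorithm': {'algorithm': hash_algo + '_rsa'},
        'signature': signer.sign(tbs, hash_algo),
    })


def verify_toy_csr(der_bytes, n, e):
    """Re-parse the CSR and check the signature against the embedded CRI bytes."""
    loaded = csr.CertificationRequest.load(der_bytes)
    tbs = loaded['certification_request_info'].dump()
    k = (n.bit_length() + 7) // 8
    sig = int.from_bytes(loaded['signature'].native, 'big')
    recovered = pow(sig, e, n).to_bytes(k, 'big')
    return recovered == pkcs1_v15_encode(tbs, k)


def demo():
    """Build, sign and verify one request; returns (der_bytes, signature_ok)."""
    pub = keys.PublicKeyInfo.wrap(
        keys.RSAPublicKey({'modulus': TOY_N, 'public_exponent': TOY_E}), 'rsa')
    cri = build_cri({'country_name': 'US', 'common_name': 'example.invalid'}, pub)
    request = attach_signature(cri, ToyRsaSigner(TOY_N, TOY_D))
    der = request.dump()
    return der, verify_toy_csr(der, TOY_N, TOY_E)


if __name__ == '__main__':
    der, ok = demo()
    print(len(der), 'bytes, signature valid:', ok)
```

The point of `verify_toy_csr` is the check a practitioner wants when signing is split off: the bytes handed to the signer must be byte-for-byte the `certification_request_info` that ends up inside the CertificationRequest, which is why `attach_signature` dumps the CRI once and passes the same object into the outer structure.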
